dropbear as ssh honeypot
Hans Harder
hans at atbas.org
Fri Dec 1 02:47:32 AWST 2017
Hi Matt,
I was looking for a SSH honeypot... so I thought about adapting dropbear.
Seems to me it would be easy to disable any successfull logins by adapting
the
file svr_auth.c with
/* Send a success message to the user, and set the "authdone" flag */
void send_msg_userauth_success() {
#if DROPBEAR_SVR_HONEYPOT
send_msg_userauth_failure(0, 1);
#else
... original code
#endif
}
Is it really that easy to prevent any logins like that or am I forgetting
something.
I prefer dropbear besides all the other ssh honeypot implementations,
because I already use dropbear and I know the code....
Hans
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20171130/737b8a6e/attachment.htm
More information about the Dropbear
mailing list